The OSI Model: an Overview

Interested in learning more about security?

SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

The OSI Model: An Overview

This paper provides an overview of the Open Systems Interconnection (OSI) reference model which defines a hierarchical architecture that logically partitions the functions required to support system-to-system communication and has served as the most basic elements of computer networking since the inception in 1984.

The OSI Model: An Overview Rachelle L. Miller GSEC Practical Assignment Version 1.2e

The Open Systems Interconnection (OSI) reference model has served as the most basic elements of computer networking since the inception in 1984. The OSI Reference Model is based on a proposal developed by the International Standards Organization (ISO). The original objective of the OSI model was to provide a set of design standards for equipment manufacturers so they could communicate with each other. The OSI model defines a hierarchical architecture that logically partitions the functions required to support system-to-system communication. Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 The OSI model has seven layers, each of which has a different level of abstraction and performs a well-defined function. The principles that were applied to arrive at the seven layers are as follows (Feig)1: · A layer should be created where a different level of abstraction is needed.

· Each layer should perform a well-defined function.

· The function of each layer should be chosen with an eye toward defining

internationally standardized protocols.

· The layer boundaries should be chosen to minimize the information flow across the interfaces. · The number of layers should be large enough that distinct functions need not be thrown together in the same layer out of necessary, and small enough that the architecture does not become unwieldy.

The layered approach offers several advantages. By separating networking functions into logical smaller pieces, network problems can more easily be solved through a divide -and-conquer methodology. OSI layers also allow extensibility. New protocols and other network services are generally easier to add to a layered architecture.

1 The seven OSI layers are defines as follows (Feig) : 7. Application: Provides different services to the application 6. Presentation: Converts the information 5. Session: Handles problems which are not communication issues 4. Transport: Provides end to end communication control 3. Network: Routes the information in the network 2. Data Link: Provides© SANS error Institute control 2001, Author retains full rights 1. Physical: Connects the entity to the transmission media

(An acronym used to help remember the model from bottom to top is “Please Do Not ThrowKey Sausage fingerprint Pizza = AF19 Away.” FA27 2F94From 998D top down FDB5 the DE3D “All F8B5People 06 E4Seem A169 To 4E Need46 Data Processing” acronym can be utilized.)

© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights. The application, presentation, and session layers comprise the upper layers of the OSI Model. Software in these layers performs application specific functions like data formatting, encryption, and connection management. The transport, network, data link, and physical layers comprise the lower layers, which provide more primitive network- specific functions like routing, addressing, and flow controls.

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

(Mitchell)2

Application Layer (Layer 7) The application layer is the top layer of the OSI model. It provides a set of interfaces for applicati ons to obtain access to networked services as well as access to network services that support applications directly. This layer also provides application access security checking and information validation. The Application Layer provides the following functions (Tan Ten Hong)3: · File Transfer, Access and Management (FTAM): Provides handling services in the network. This includes the movement of files between different systems, reading, writing and deletion of remote files, and management of remote file storage.

· Virtual Terminal (VT): Provides services to access applications in different

remote computer systems through stimulating a real terminal.

· Electronic Mail and Messaging Handling (MHS): Facilitates the electronic

exchange of documents.

· Directory Services (DS): Provides services with the ability to match names with addressing information. · Common management Information Protocol (CMIP): Provides services for network management.

Distributed appli©cations SANS servi Instituteces, whether 2001, AuthorOSI or TCP/IP retains based, full rights have some common 3 characteristics (Tan Ten Hong) : · An end-user interface that provides a human or another application with the means to enter commands that direct the application to send files to and receive Keyfiles fingerprint from a = remote AF19 FA host,27 2F94 list or 998D change FDB5 directories, DE3D F8B5 rename 06E4 A169 or delete 4E46 files, etc. · The means of performing input to and output from mass storage devices. · The means of transferring the files and file-related information between hosts.

Presentation Layer (Layer 6) The presentation layer is responsible for the format of the data transferred during network communications. This layer is concerned with the syntax and semantics of the information transmitted. For outgoing messages, it converts data into a generic format for the transmission. For the incoming messages, it converts the data from the generic form to a format understandable to the receiving application. Different computers have different codes for representing data. The presentation layer makes it possible for computers with different representation to communicate. The presentation layer provides common communication services such as encryption, text compression, and reformatting.

TheKey presentation fingerprint =layer AF19 is FAalso27 concerned2F94 998D FDB5with other DE3D aspect F8B5 s06 ofE4 information A169 4E46 representation. Data compression can be used to reduce the number of bits that have to be transmitted. Cryptography is frequently required for privacy and authentication.

Session Layer (Layer 5) The session layer permits two parties to hold ongoing communications called a session across a network. The applications on either end of the session can exchange data or send packets to another for as long as the session lasts. The session layer handles session setup, data or message exchanges, and tear down when the session ends. It also monitors session identification so only designated parties can participate and security services to control access to session information. A session can be used to allow a user to log into a remote time-sharing system or transfer a file between two machines. (Tan Ten Hong)3

The session layer has the option of providing one-or-two-way communication called dialogue control. Sessions can allow traffic to go in both directions at the same time, or in only one direction at a time. Token management may be used to prevent both sides

from attempting the same operation at the same time. To manage these activities, the

session layer provides tokens that can be exchanged. Only the side holding the token

is permitted to perform the critical operation.

Another session service is synchronization. Consider the problems that occur when

transferring a file between two machines and the system crashes not being able to

complete the transfer. This process must be restarted from the beginning. To avoid

this problem, the session layer provides a way to insert checkpoints into the data

stream, so that after a crash, only the data after the last checkpoint has to be repeated. © SANS Institute 2001, Author retains full rights

Transport Layer (Layer 4) The basic function of the transport layer is to accept data from the session layer, split it up intoKey smallerfingerprint units, = AF19 pass FA it27 to 2F94the network 998D FDB5 layer, DE3D and F8B5ensure 06 E4that A169 the bits4E46 delivered are the same as the bits transmitted without modification, loss or duplication.

© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights. If an error occurs during transmission, the transport layer must correct it. There is a set of rules to follow that detail the handling of the error and how to correct it. The correctio n may mean re-sending just the damaged data or restarting from the beginning. This can be achieved because the transport layer protocol includes the capability to acknowledge the receipt of a packet. “If no acknowledgement is received, the transport layer can retransmit the packet or time-out the connection and signal an error. The transport protocol can also mark packets with sequencing information so that the destination system can properly order the packets if they are received out of order.” (Tan Ten Hong)3

If the transport connection requires a high throughput, the transport layer might create multiple network connection by dividing the data among the network connections to improveKey f ingerprintthe throughput. = AF19 FAHowever,27 2F94 the998D transport FDB5 DE3D layer F8B5might 06 multiplexE4 A169 several4E46 transport connections onto the same network to reduce costs. This multiplexing is transparent to the session layer.

“Transport protocols provide the capability for multiple application processes to access the network by using individual local addresses to determine the destination process for each data stream. These addresses are often referred to as ports and connection opened to these ports as sockets.” (Tan Ten Hong)3

Network Layer (Layer 3) The network layer controls the operation of a sub-net, provides routing, congestion control and accounting. The network layer provides both connectionless and connection -oriented services. A key design issue is determining how packets are routed from source to destination. Routes can be based on static tables that are within the network and rarely change. They could also be determined at the start of each conversion. Finally, they could be highly dynamic, being newly determined for each packet to reflect the current network load. It is up to the network layer to allow

heterogeneous networks to be interconnected. The IP protocol resides in this layer. All

routers in the network are operating at this level.

If too many packets are present in the sub-net at the same time, bottlenecks will form.

The network layer helps to control this congestion. An accounting function is built into

the network layer to ensure that the number of bits sent is the number of bits received.

Controls over network connections, logical channels, segmenting and sequencing, and

data flow can be placed in this layer. © SANS Institute 2001, Author retains full rights

Data Link Layer (Layer 2) The main task of the data link layer is to take a raw transmission and transform it into a lineKey that f ingerprintappears free= AF19 of transmission FA27 2F94 998D errors FDB5 in the DE3D network F8B5 layer.06E4 A169 It accomplishes 4E46 this task by having the sender break the input data up into data frames, transmit the frames sequentially, and process the acknowledgment frames sent back by the receiver. The protocol packages the data into frames that contain source and destination addresses.

© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights. These frames refer to the physical hardware address of each network card attached to the network cable. Ethernet, Token Ring, and ARCnet are examples of LAN data link protocols. If communication extends beyond the LAN onto the Internet, the network might use other data link protocols, such as Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP).

The data link layer sends blocks of data with the necessary synchronization, bit error detection/correction error control, and flow control. This control of data flow controls approximately 70 percent of all error handling. Since the physical layer merely accepts and transmits a stream of bits without any regard to the meaning of the structure, it is up to the data link layer to create and recognize frame boundaries. This can be accomplished by attaching special bit patterns to the beginning and end of the frame. Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 Encryption can be used to protect the message as it flows between each network node. Each node then decrypts the message received and re-encrypts it for transmission to the next node.

Physical Layer (Layer 1) The physical layer is concerned with transmitting raw bits over a communication channel. The design issues have to do with making sure that when one side sends a 1 bit, it is received by the other side as a 1 bit, not as a 0 bit. Typical questions are how many volts should be used to represent a 1 and how many for a 0, how many microseconds a bit lasts, whether transmission may proceed simultaneously in both directions, how the initial connection is established and how it is torn down when both sides are finished, and how may pins the network connector has and what each pin is used for. The design issues deal largely with mechanical, electrical, functional, and procedural interface.

The physical layer describes some type of cabling system as the transmission media. It

also describes the network topology and how the transmission media is to be

distributed. Some examples include the bus, star, and ring topologies.

Concepts

Three concepts are central to the OSI model:

1. Services

2. Interfaces

3. Protocols

© SANS Institute 2001, Author retains full rights Information from each layer passes up to the next layer, so that a protocol operating at a given layer can access all the information the protocols below it collect or prepare. Each layer performs some services for the layer above it. The service definition tells whatKey the fingerprint layer does, = AF19 not howFA27 entities 2F94 998D above FDB5 it access DE3D orF8B5 how 06 theE4 A169layer 4Eworks.46 A layer’s interface tells the processes above it how to access it. It specifies what the parameters are and what results to expect. The layer can use any protocols as long as it provides the offered services.

OSI versus TCP/IP TCP/IP has four layers in its transport model instead of the seven that the OSI reference model lays out. When compared to the OSI reference model, the TCP/IP model combines the application, presentation, and session layers into a single top layer, called the application layer, and combines the data-link and physical layers into a bottom layer, called the network interface layer.

OSI TCP/IP Application (Layer 7) Presentation (Layer 6) Application Session (Layer 5) KeyTransport fingerprint (Layer= AF19 4) FA 27 2F94 998D FDB5 DE3DTransport F8B5 06E4 A169 4E46 Network (Layer 3) Internet

Data Link (Layer 2) Subnet

Physical (Layer 1)

Summary · The application layer is the layer at which a user and a computer interface to a network to view a message, data request, or response. It contains a variety of comm only used protocols, such as file transfer, virtual terminal, and email. · The presentation layer converts incoming and outgoing data from one presentation format to another. It manages the syntax and semantics of the information transmitted between two computers. · The session layer manages the establishment of a continuing series of requests and responses between the applications at each end. It establishes and manages sessions, conversions, and dialogues between two computers. · The transport layer manages the end-to-end control and error checking. · The network layer handles the routing of the data. It controls the operation of a packet from one network to another. · The data link layer provides error control and synchronization for the physical level · The physical layer conveys the bit stream through the network at the electrical and mechanical level. It physically transmits signals across a communication medium.

Conclusion

Not every network© SANS uses all Institute of the model’s 2001, Authorlayers. ISO’s retains intent full in rights creating the OSI model wasn’t to describe every network but to give protocol designers a map to follow to aid in design. This model is useful for conceptualizing network components to demonstrate how they fit together to help the computers within the network communicate.

TheKey OSI fingerprint reference = modelAF19 FA was27 formulated2F94 998D FDB5as a template DE3D F8B5 for 06theE4 structure A169 4E of46 comm unications systems. It was not intended that there should be standard protocols associated with each layer. Instead, a number of different protocols have been

© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights. developed each offering a different functionality. There are three major international organizations developing standards and protocols for communications including:

· International Standards Organization (ISO) · American Institute of Electrical Engineers (IEEE) – produces standards for use by computer manufacturers · International Telecommunications Union – Telecommunications Sector (ITU-T) – produces standards for connecting different types of national and international public networks

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

(Feig) 1

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

1. Feig, Rami. “Computer Networks: The OSI Reference Model.” URL: http://www.rad.com/netwo rks/1994/osi/intro.htm (31 July 2001).

2. Mitchell, Bradley. “Basic Network Design – The OSI Model.” URL: http://compnetwo rking.about.com/library/weekly/aa052800a.htm (31 July 2001).

3. Tan Teng Hong, Andrew; Chee Meng, Mah; Yew Wai, Chee; Yoke Chuan, Tan; Kim Ming, Cheong; “Comparing OSI and TCP/IP.” URL: http://members.tripodasia .com.sg/osi/home.htm (31 July 2001).

Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 References

Anderson, Christa. “Mapping Practice to Theory: NT Networking and the OSI Model.” Windows 2000 Magazine. 1 March 1999. URL: http:// www.win2000mag.com/Articles/Index.cfm?ArticleID=4912 (15 August 2001).

Briscoe, Neil. “Understanding The OSI 7-Layer Model.” PC Network Advisor Issue 120 (July 2000): 13 - 14.

Feig, Rami. “Computer Networks: The OSI Reference Model.” URL: http://www.rad.com/netwo rks/1994/osi/intro.htm (31 July 2001).

Mitchell, Bradley. “Basic Network Design – The OSI Model.” URL:

http://compnetworking.about.com/library/weekly/aa052800a.htm (31 July 2001).

Rohlin, Robert W. “OSI Model: Upper Layers”. URL:

http://www.rohlin.com/helpdesk//CCNA/upper_layers.htm (31 July 2001).

Tan Teng Hong, Andrew; Chee Meng, Mah; Yew Wai, Chee; Yoke Chuan, Tan; Kim

Ming, Cheong; “Comparing OSI and TCP/IP.” URL:

http://members.tripodasia.com.sg/osi/home.htm (31 July 2001).

“OSI Model Layers.”

URL: http://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html (31 July 2001).

Zhou,Key Tao, fingerprint “ISO/OSI, = AF19 IEEE FA 802.2,27 2F94 and 998D TCP/IP.” FDB5 DE3D URL: F8B5 06E4 A169 4E46 http:// www.win2000mag.com/Articles/Index.cfm?ArticleID=22

Upcoming SANS Training Click Here for a full list of all Upcoming SANS Events by Location

SANS Houston 2017 Houston, TXUS Jun 05, 2017 - Jun 10, 2017 Live Event

Security Operations Center Summit & Training Washington, DCUS Jun 05, 2017 - Jun 12, 2017 Live Event

SANS Milan 2017 Milan, IT Jun 12, 2017 - Jun 17, 2017 Live Event

SEC555: SIEM-Tactical Analytics San Diego, CAUS Jun 12, 2017 - Jun 17, 2017 Live Event

SANS Rocky Mountain 2017 Denver, COUS Jun 12, 2017 - Jun 17, 2017 Live Event

SANS Charlotte 2017 Charlotte, NCUS Jun 12, 2017 - Jun 17, 2017 Live Event

SANS Secure Europe 2017 Amsterdam, NL Jun 12, 2017 - Jun 20, 2017 Live Event

SANS Minneapolis 2017 Minneapolis, MNUS Jun 19, 2017 - Jun 24, 2017 Live Event

DFIR Summit & Training 2017 Austin, TXUS Jun 22, 2017 - Jun 29, 2017 Live Event

SANS Cyber Defence Canberra 2017 Canberra, AU Jun 26, 2017 - Jul 08, 2017 Live Event

SANS Paris 2017 Paris, FR Jun 26, 2017 - Jul 01, 2017 Live Event

SANS Columbia, MD 2017 Columbia, MDUS Jun 26, 2017 - Jul 01, 2017 Live Event

SEC564:Red Team Ops San Diego, CAUS Jun 29, 2017 - Jun 30, 2017 Live Event

SANS London July 2017 London, GB Jul 03, 2017 - Jul 08, 2017 Live Event

Cyber Defence Japan 2017 Tokyo, JP Jul 05, 2017 - Jul 15, 2017 Live Event

SANS Cyber Defence Singapore 2017 Singapore, SG Jul 10, 2017 - Jul 15, 2017 Live Event

SANS Los Angeles - Long Beach 2017 Long Beach, CAUS Jul 10, 2017 - Jul 15, 2017 Live Event

SANS ICS & Energy-Houston 2017 Houston, TXUS Jul 10, 2017 - Jul 15, 2017 Live Event

SANS Munich Summer 2017 Munich, DE Jul 10, 2017 - Jul 15, 2017 Live Event

SANSFIRE 2017 Washington, DCUS Jul 22, 2017 - Jul 29, 2017 Live Event

Security Awareness Summit & Training 2017 Nashville, TNUS Jul 31, 2017 - Aug 09, 2017 Live Event

SANS San Antonio 2017 San Antonio, TXUS Aug 06, 2017 - Aug 11, 2017 Live Event

SANS Prague 2017 Prague, CZ Aug 07, 2017 - Aug 12, 2017 Live Event

SANS Hyderabad 2017 Hyderabad, IN Aug 07, 2017 - Aug 12, 2017 Live Event

SANS Boston 2017 Boston, MAUS Aug 07, 2017 - Aug 12, 2017 Live Event

SANS Salt Lake City 2017 Salt Lake City, UTUS Aug 14, 2017 - Aug 19, 2017 Live Event

SANS New York City 2017 New York City, NYUS Aug 14, 2017 - Aug 19, 2017 Live Event

SANS Virginia Beach 2017 Virginia Beach, VAUS Aug 21, 2017 - Sep 01, 2017 Live Event

SANS Chicago 2017 Chicago, ILUS Aug 21, 2017 - Aug 26, 2017 Live Event

SANS Adelaide 2017 Adelaide, AU Aug 21, 2017 - Aug 26, 2017 Live Event

SANS San Francisco Summer 2017 OnlineCAUS Jun 05, 2017 - Jun 10, 2017 Live Event

SANS OnDemand Books & MP3s OnlyUS Anytime Self Paced